What is CVE-2017-18124?

CVE-2017-18124 is a high-severity vulnerability in Qualcomm Fsm9055, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2018-10-26.

How severe is CVE-2017-18124?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-18124 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Qualcomm Fsm9055

CVE-2017-18124

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (12.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

product-security@qualcomm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-18124?: CVE-2017-18124 is a high-severity vulnerability in Qualcomm Fsm9055, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2018-10-26.
How severe is CVE-2017-18124?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-18124 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.